CVE-2020-7039

Priority
Description
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages
memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a
heap-based buffer overflow or other out-of-bounds access which can lead to
a DoS or potential execution of arbitrary code.
Notes
mdeslaur: possible better approach would be to disable tcp_emu completely
https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
Package
Upstream: released (4.1.0-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): not-affected (4.1.0-2)
Patches:
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
Package
Source: qemu (LP Ubuntu Debian)
Upstream: released (1:4.2-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.5+dfsg-5ubuntu10.43)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:2.11+dfsg-1ubuntu7.23)
Ubuntu 19.10 (Eoan Ermine): released (1:4.0+dfsg-0ubuntu9.4)
Ubuntu 20.04 (Focal Fossa): not-affected (uses system libslirp)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Package
Source: slirp (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.10 (Eoan Ermine): needed
Ubuntu 20.04 (Focal Fossa): not-affected (1:1.0.17-10)

Updated: 2020-02-18 18:14:29 UTC (commit 55c7734d57cda9c01aa716129692a3b7cfa41246)